Security breach costs US CIO his job

According to Government Technology, a breach of health data within the Utah Department of Health in the US has cost the state’s CIO, Steve Fletcher, his position.

Fletcher’s departure was part of Utah Governor Gary Herbert’s actions following the breach, which was discovered on April 2 and is believed to have compromised 280,000 Social Security numbers other personal information of an estimated 500,000 people, including names, addresses, birth dates and some details contained in patient health records.

In response to the data loss, Utah has now started a comprehensive security audit of the state’s technology systems and created a new position of “health data security ombudsman.”

The data breach was found to have occurred on March 30, and is believed to have been caused by a weak password that allowed hackers to break through the department’s security and steal the personal information of as many as 780,000 people.

Government Technology reported that the breach was regarded as ‘preventable’, and that the incident shows that greater funding is needed to protect government’s IT systems.

At the same time, it shows the problems CIOs – in both the public and private sectors – face in trying to put adequate protection in place to prevent security breaches before they occur.

The problem is that if you ask for security funding before anything has happened, the request risks being rejected by executives. And if you wait until a breach occurs, as in the latest Utah case, it’s a bit like shutting the gate after the horse has bolted.